function authenticate(req, res, next) {
  const token = req.header('Authorization');
  if (!token) return res.sendStatus(401);
  jwt.verify(token, 'SECRET_KEY', (err, decoded) => {
    if (err) return res.sendStatus(401);
    req.userId = decoded.userId;
    next();
  });
}